Posted
by
timothy
on Friday December 31, 2010 @02:17AM
from the hey-man-those-are-just-like-rules dept.

polar_bear` writes "Red Hat's Matthew Garrett has been checking to see who's naughty and nice. Most Android tablet vendors? Naughty, naughty, naughty, when it comes to GPL compliance. In the current crop of Android tablets, most of the vendors flout the GPL and fail to ship source."

The area that surprises me is the 'devices produced by small unknown Chinese companies; but rebadged and sold by large American/Japanese/etc. ones' niche.

Given the number of obscure OEMs toiling away on designs based on what appear to be the same set of chipsets, you would expect that a large reseller would have its choice of OEMs, and strong ability to dictate terms. Further, you would expect that the respective legal departments of these re-badgers would absolutely flip out at the idea of incurring substantial risk of copyright infringement risk.

The odds that Sylvania actually produced the hardware being marketed under their name are not huge; but Sylvania is a US-market brand of a pretty big Japanese electronics outfit. If anybody were to sue them about it, there could be serious money on the table.

Coby Electronics Corporation, while it isn't exactly a luxury brand(seen by name in places like CVS pharmacy's electronics aisle, does some OEM work for Radio Shack), is a company with nontrivial size and US presence. Were I their lawyer, I'd be turning a cool shade of purple at the amount of liability we were racking up to score some tiny margins on skeezy wannabe android tablets to be sold to suckers at CVS.

While FOSS guys tend to be nice about it, the penalties in the US for copyright infringement are downright draconian, and that niceness is wholly optional.

these re-badgers would absolutely flip out at the idea of incurring substantial risk of copyright infringement risk.

You need money to sue someone. FOSS idealists have none, and big companies with vested interest in FOSS software that could afford the legal costs know better than to hurt their own kind. That's why everybody and their dogs trample on the GPL with zero fear of legal actions.

I suspect, percentage wise, it is fairly safe; but more than a few well-known names have been bitten for noncompliance with respect to busybox utilities... It's hardly a certainty, I'm just surprised that, given the likely bargaining power of the re-badger vs. the random throwaway OEM, that legal is signing off on even modest risk.

Hardly bitten, more like they got a mildly dirty look from a random stranger. Have there been any settlements or awards that were more than a slap on the wrist of the company? Any that in any way impacted their bottom line in even the smallest way?

For most, simply coming into compliance is all they are ever asked to do in court.

Some busybox (etc) providers drag their heels on even that, but most simply hang it on their website in some obscure place and call it a day. Most of these devices are obsolete before anyone notices the missing source code.

Its not hard to comply, its just that Joe Purchasing Agent has no clue he is supposed to do so when he buys a cheesy tablet from an OEM and changes nothing but the label on the back.

Ask Eben Moglen, chief legal counsel for the Free Software Foundation, how the GPL has been enforced [gnu.org] all these years.

In approximately a decade of enforcing the GPL, I have never insisted on payment of damages to the Foundation for violation of the license, and I have rarely required public admission of wrongdoing. Our position has always been that compliance with the license, and security for future good behavior, are the most important goals. We have done everything to make it easy for violators to comply, and we have offered oblivion with respect to past faults.

Enforcing the GPL, for the Free Software Foundation anyway, has never been about punishing the violators, as it tends to be with other copyright-related litigation, but more about getting people to comply with the license. In another speech [gnu.org], Moglen explains why there has never been a court test of the GPL, which is what you seem to be looking for:

...In order to defend yourself in a case in which you are infringing the freedom of free software, you have to be prepared to meet a call that I make reasonably often with my colleagues at the Foundation who are here tonight. That telephone call goes like this: "Mr. Potential Defendant, you are distributing my client's copyrighted work without permission. Please stop. And if you want to continue to distribute it, we'll help you to get back your distribution rights, which have terminated by your infringement, but you are going to have to do it the right way."

At the moment that I make that call, the potential defendant's lawyer now has a choice. He can cooperate with us, or he can fight with us. And if he goes to court and fights with us, he will have a second choice before him. We will say to the judge, "Judge, Mr. Defendant has used our copyrighted work, copied it, modified it and distributed it without permission. Please make him stop."

One thing that the defendant can say is, "You're right. I have no license." Defendants do not want to say that, because if they say that they lose. So defendants, when they envision to themselves what they will say in court, realize that what they will say is, "But Judge, I do have a license. It's this here document, the GNU GPL. General Public License," at which point, because I know the license reasonably well, and I'm aware in what respect he is breaking it, I will say, "Well, Judge, he had that license but he violated its terms and under Section 4 of it, when he violated its terms, it stopped working for him."

But notice that in order to survive moment one in a lawsuit over free software, it is the defendant who must wave the GPL. It is his permission, his master key to a lawsuit that lasts longer than a nanosecond. This, quite simply, is the reason...that there has never been a court test of the GPL.

Given this kind of legal bind, most defendants when pressed by competent GPL plaintiffs would rather comply with the license like they are supposed to than fight it out in court under those terms.

There have been tests of the GPL in court. Two I'm aware of are MySQL ab v Progress Software Corp and Busybox v Westinghouse Digital Electronics. In both cases, it was held that the GPL does work as advertised.

You need money to sue someone. FOSS idealists have none, and big companies with vested interest in FOSS software that could afford the legal costs know better than to hurt their own kind. That's why everybody and their dogs trample on the GPL with zero fear of legal actions.

With GPL v.3, if the software used implements any patents and you got a patent license through the GPL, then a GPL violation is now both copyright infringement and patent infringement. So things could get very nasty. And the low fear of legal actions doesn't come from "FOSS idealists having no money", it comes from "FOSS idealists being nice and not pressing for maximum damages".

While FOSS guys tend to be nice about it, the penalties in the US for copyright infringement are downright draconian, and that niceness is wholly optional.

It remains to be seen if some FOSS guy inclined to not be nice about it would actually win in court. So far there have been zero examples of such so their behavior is eminently logical, if distasteful.

As soon as we made Viewsonic aware of their obligations and got somebody halfway intelligent there involved (i.e. not just first line customer service people, though we got them to write up notes about the number of callers requesting GPL source code too), this went through marketing and legal, and they got source released within a matter of weeks for the G Tablet. You're right, nobody wants to sit on legal risk for products with slim margins in competitive markets.

Speaking as one of the Viewsonic G Tablet kernel hackers who helped push for VS to release source and has since identified and helped fix several of the critical kernel bugs, it was a non-trivial business problem to get the code.

Malata, the hardware OEM, is Chinese and thus not subject to US or European IP law regarding things like the GPL. Viewsonic did not develop the software in house, they contracted the whole Android packaging and UI job out to a startup called Tap N Tap based in Cambridge, MA. Tap N Tap was then constrained by the confidentiality agreements they had with Viewsonic. Viewsonic didn't really have any software team on board who understood the legal issues involved and their marketing guys had to help push everything through legal with the help of the Tap N Tap guys. Furthermore, the G Tablet is apparently distributed by a company called US Worldwide under a distribution agreement of some sort with Viewsonic - so not clear that Viewsonic ever even took delivery of a single tablet themselves.

We used Twitter to nag Viewsonic about not having released the kernel source and keep the issue in the public eye. Once they got clearance, they got the source from Tap N Tap, and posted it on the website.

This all just happened on December 24th. So Viewsonic is still most likely working on legal compliance issues for other tablets. I'm sure if people make formal requests for source and send some nagging reminders like we did for the G Tablet, they'll release any GPLed source too - they are making an effort at least, unlike many companies.

But it did take about a month long organized effort from the XDA Developers forums, involving call-ins to customer service, emails to top executives, and twitter posts. Much of that was simply education of people at several layers of the company about their obligations - again, their company never even touched the source code so this probably never went through their own legal people until we pushed it to them.

The result is we were able to merge up a bunch of critical kernel bug fixes from the main NVidia Tegra 2 source tree and we now have custom kernels that support a crap-ton of new features, along with custom ROMs. And we've gotten source for basically all the drivers too and we've started improving some of them.

No, we don't have the full source for the Tap N Tap UI stuff since Android's UI layer is Apache licensed and there's no obligation for Tap N Tap to release that code, but it doesn't affect us too much. We have the full AOSP source, the NVidia source tree, and there are so many custom launchers and stuff to work with out there that we've got several awesome ROMs released now.

I suspect there may be similar legal/logistical issues with the other Viewsonic tablets' source code. I don't know if enough people have even bought those tablets to care enough to request source code though - if you own one, make a request to Viewsonic. Heck, their Marketing VP has an account on the XDA Developer forums now, you can PM him there.

Also - that list is a bit misleading. Since we have the Viewsonic G Tablet kernel source, we basically have all the drivers and kernel code for all the Malata devices now, including the ZPad. In fact, Viewsonic released some of the ZPad drivers that aren't even used in the G Tablet (like the first gen ZPad resistive touchscreen driver).

Additionally, Advent has stated that they are working to release source code for the Vega which is apparently assembled by BYD but as far as we can tell, uses most of the same components and a very similar design to the Malata ZPad. I suspect we have nearly all the drivers and patches for that in our Viewsonic release too, but I'm sure their official kernel source will be out within a few weeks regardless.

So yeah, there are still some legal issues, but at least with the Tegra 2 devices and with most of the mainstream Western vendors, they are working their way to compliance currently.

Malata, the hardware OEM, is Chinese and thus not subject to US or European IP law regarding things like the GPL.

The GPL's authority is based in copyright law and China is a signatory of the Berne convention (As well as the Universal Copyright Convention, the TRIPS agreement and the WIPO Copyright Treaty), so yes, they are subject to it. Just no one bothers to go after them about it.

My LG Android has a page in the setup application which lists the license of every binary and ends with the offer to provide the source. I would be interested in the contents of the corresponding page on this tablet.

The Google reference kernel code doesn't contain the driver code for any of these tablets, and the vast majority of them are based on SoC platforms that don't exist at all in the Google code. The tablet vendors can't simply point at the Google repositories, they're obliged to either ship the source with the devices or provide a written offer to provide the source to any third party on request.

The Google reference kernel code doesn't contain the driver code for any of these tablets, and the vast majority of them are based on SoC platforms that don't exist at all in the Google code. The tablet vendors can't simply point at the Google repositories, they're obliged to either ship the source with the devices or provide a written offer to provide the source to any third party on request.

No. they only have to provide source to their customers, not to any third party.

"Accompany it with a written offer, valid for at least threeyears, to give any third party, for a charge no more than yourcost of physically performing source distribution, a completemachine-readable copy of the corresponding source code, to bedistributed under the terms of Sections 1 and 2 above on a mediumcustomarily used for software interchange"

You don't have to choose that option - you can use 3(a) instead, but that means that the source has to be with the device when you sell it.

"Accompany it with a written offer, valid for at least three years, to give any third party...

I think the GPL v3 6b says you only have to provide the source to someone who possesses the device containing the GPL'd code.

"Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code..."

Yes, but given that the kernel is under GPLv2 (not v2 or later), what GPLv3 says isn't terribly relevant...

Even then, the written offer must be good for anyone who obtains the object code. I download a firmware image from your site? You're obliged to give me source on request. One of your customers downloads a firmware image and then gives it to me? The same applies.There's no point at which it's limited to your customers.

Please correct me if I'm wrong: If a customer downloads a firmware image from my site, then yes, I'm obliged to provide the source to that customer. But my obligation is only to provide the source to those who get the binaries directly from me. If the customer turns around and gives you a copy of the firmware then *they* must provide you with the source - not me.

Technically correct, but it's much more practical to put the source code on a public HTTP or FTP server where anybody can get it. Any extra effort to only allow your own customers is a waste of time and money.

But... isn't it the obligation of the person who gave YOU the code to provide the source? So if a company sells tablet to X, with offer for source, then X gives object code to Y, it seems it's X's obligation to give Y the source code, not the company. At the very least, the company may not have the resources to give it to everyone X gives the object code to, only to X.

Both. "A company" has to give the source code to anyone who receives the object code, which includes X and everyone that X gives the object code to and everyone those people pass the source code on to. X for the same reasons has to give the source code to anyone they gave the object code to and so on. If I buy a tablet from X and give the object code to you, then "the company", X, and I, all three have the obligation to give you the source code.

yes, the person who gave you the code also has that obligation. but that doesn't relieve the original distributor of their obligation.

in your example, both the company AND X have the obligation to provide/make-available the source to Y

btw, it's irrelevant whether the company has the resources to provide the source to everyone - same as it's irrelevant whether you have the resources to pay for the food you order in a restaurant....you have an obligation to pay regardless

No. If you distribute under 3(b), then as long as I'm not distributing commercially I can distribute under 3(c) and pass on the written offer - which still leaves you responsible for providing the source.

And by "drivers" here, I also mean "board setup code". I can guarantee you that the MSM code in the Google tree isn't going to know which gpio lines are connected to your tablet's LCD power control, even if the CPU happens to be the same one that was in the G1.

Some insist anything linked against the kernel libraries (making calls to the kernel) must be make source code available. But I do not believe this is the general consensus.

It's more complex than that. Drivers do not have to be GPL'd, unless they are a derived work of the kernel. If they are not (e.g. the nVidia blob drivers), then they may be distributed under any license that you wish.

The kernel, however, requires that anything linked to it be distributed under a GPL-compatible license. Any Linux kernel that links against things under a license that the GPL is incompatible with, is in violation of the GPL. The GPL, however, makes it clear that you do not require any license to use the code, so end users may download the Linux kernel and the nVidia drivers, link them together, and still be allowed to use the code.

What they can't do is distribute the result. If you distribute the Linux kernel along with a GPL-incompatible driver, then you are in violation of the GPL. This means that you have no valid license to distribute the Linux kernel (unless you acquire one from all of the Linux copyright holders), and so every time you copy the kernel you are committing copyright infringement. Shipping a device with binary-only drivers and a Linux kernel is almost certainly wilful infringement, and carries a statutory penalty of up to $150K in the USA. It's probably cheaper to use FreeBSD...

It gets complicated. You can ship a kernel and a driver side-by-side ("mere aggregation" - section 2 of GPLv2). A user can then use modprobe to load the driver. At this point, has infringement occurred?

It gets complicated. You can ship a kernel and a driver side-by-side ("mere aggregation" - section 2 of GPLv2). A user can then use modprobe to load the driver. At this point, has infringement occurred?

That is not mere aggregation. To get a binary that can be loaded into the kernel with modprobe, you must have already linked with the kernel. It's the reason why nvidia doesn't ship a driver ready to be loaded that way. You must use gcc to compile their little wrapper and link to the kernel yourself.

Either that or get it from your distro, who are most certainly violating the GPL when they ship it. The reason nobody is complaining is because all that this would accomplish is getting the distros to stop c

I understand you to be saying that yes, you can work around the GPL, but you have to include an extra step. You have something which links in directly to the kernel and ship source for that, but it ties together the kernel and the driver and allows you to ship a binary driver with the kernel. Is that it?

I understand you to be saying that yes, you can work around the GPL, but you have to include an extra step. You have something which links in directly to the kernel and ship source for that, but it ties together the kernel and the driver and allows you to ship a binary driver with the kernel. Is that it?

Yeah, that's it, although I personally wouldn't call it "working around the GPL." That point is arguable, but the way I see it, the GPL restricts distribution, not use. If you, as the user, are willing to link something that is not free with your gpl code, you're absolutely free to do so. You're just not allowed to distribute the results.

Basically, I agree with your point on aggregation. I just wanted to clarify that if all you need to is type "modprobe driver_name", than that means that a driver_name.k

I do also wonder how well the argument that linking creates a derivative work would hold up in court - you could make the case that you can create a partial index to a work without creating a derivative work (and e.g. Google would certainly want to support you in making that case), and you can link using a partial "index" to the kernel without using the kernel itself.

Even if the device in question is a completely unaltered build of upstream, public-ally available, sources, anything GPL still has to be either made available with the binary or the binary has to be accompanied by a written offer to provide on request for no more than reasonable duplication costs.

Many of these devices probably don't deviate much from upstream; but I'd be surprised if they are 100% identical(not that that is legally relevant; but if you aren't even shipping a binary based on upstream sour

Kernel source, specifically drivers and patches to build your own usable kernel is the issue here.

It's a real problem with tablets. Yeah, in terms of the OS itself, AOSP provides everything we need to build our own, and vendors aren't under any obligation to provide UI layer changes they make to Apache-licensed stuff. That's fine, because 90% of those vendor changes suck anyway.

But many of these tablets ship with buggy, binary-only kernels and driver modules with mysterious patch sets used to build them.

Making available does not require shipping, nor does it include hosting your own servers. You need merely "make it available". There are no specific requirements as to where it must be a available, and having the Open Handset Alliance perform this service is sufficient.

Samsung and some others are quite responsive in getting the source out there. Others not so much.

My only point in my post above is there is no requirement that the source be "shipped". It merely needs to be available along with any modifications a manufacturer makes to it.

For that to work the company earning profits from Android must contribute to hosting the source code. If that don't do that the version of android used on the tablet might not be available when needed.

For that to work the company earning profits from Android must contribute to hosting the source code. If that don't do that the version of android used on the tablet might not be available when needed.

You may convey a covered work in object code form under the termsof sections 4 and 5, provided that you also convey themachine-readable Corresponding Source under the terms of this License,in one of these ways:

a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.

b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
prodwuct that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.

c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.

d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.

e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.

So say windows 8 turns out to be red hat linux with a new label on the box. For source code MSFT points back to red hat. The red hat servers melt from too much traffic and red hat restricts downloads to their own customers.

For MSFT to satisfy the GPL they must have control over the infrastructure which delivers the source code. Otherwise they are not in compliance. They could do this by paying red hat to do it for them. They could do it themselves. Maybe google provides this service for Android. I don't know.

Err... that is the part that requires source code to be distributed. Read it. It specifies 4 ways that you can distribute source code:

- on a disk supplied with the device you're shipping- with a written offer supplied with the device you're shipping- forwarding a written offer provided by somebody else (only available for noncommercial distributors)- providing a download *from the same location the customer downloaded the binaries*.

The GPL requires that vendors either provide the source code to the GPL components with the device, or alternatively to provide a written offer to provide the source code upon request. Many vendors fail to do this.

The rest? Well without digging thru their documentation, web sites, and "about screens" I can't be sure there isn't a written notice somewhere, and have to take the authors word that he did an exhaustive search. I

Note that this is the GPLv3, which is not relevant to android. GPLv2 only allows the first three ways of distributing the source (it was written back when Internet access was rare and software was commonly distributed on tapes - the FSF used to sell tapes of the GNU source tree).

Because he is quoting the part about what gives you the right to distribute the object code. Each of the bullet points gives a method of object code distribution and the methods of source code distribution that allow you to comply with the licence.

Of course, he is quoting the wrong licence. The Linux kernel is distributed under GPL v2.

The red hat servers melt from too much traffic and red hat restricts downloads to their own customers.

And until either of those things happen MSFT is perfectly compliant with the GPL. If those things happen then they need to provide another location for the source but there is no need to do so preemptively.

Your logic dictates that any approach which has the possibility of going down, which is all of them, is not GPL compliant. So by your logic no company can ever be compliant with the GPL since it's always possible for their servers to crash and thus render them no longer compliant with the GPL.

The red hat servers melt from too much traffic and red hat restricts downloads to their own customers.

if RH did that, then *they* would not be in compliance with the GPL.

the kernel and many other programs on RH are GPLv2, so they have to make them available to any third party. Many other programs are GPLv3, so they have to make them available to anyone who possesses a copy of the object code (no matter how they obtained it).

so...

ethically, MSFT probably should host source for any GPL code they distribu

how, exactly, would that put RH out of business?
you mean the tiny fraction of the tiny percentage of IBM or Oracle customers who actually want the source would cost RH so much in bandwidth that they'd go bankrupt?
yes, i'm sure that's very likely.
BTW, the GPL *does* work that way.

So? The GPL is an agreement between two parties - the person who gives the code and the person who receives the code. If A gives GPL'd code to B and B gives it to C, then there A has no obligations towards C. If A ceases to exist as a legal entity, then B is still liable to fulfil the GPL obligations to C.

A also has an obligation to the author(s) who wrote the code and licensed it to A - and by redistributing the GPL code, A agreed to the terms.

in the situation you describe above, both A and B have GPL-related obligations to C. this is true for both GPLv2 and GPLv3. GPLv2 says they have an obligation to provide source to ANY third party, GPLv3 says they have an obligation to provide source to ANYONE who has a copy of the object code they distributed.

GPLv2 says they have an obligation to provide source to ANY third party

Not true. They may have such an obligation, but only if they did not provide the source along with the binary. Actually, they never quite have that obligation. According to clause 3b of GPLv2, they have to provide a written offer good for three years to provide the source to any third party, but after three years they don't have to provide the source, and they don't have to provide the source to anyone who did not receive this written offer (either from them, or as a result of someone else satisfying cla

So say windows 8 turns out to be red hat linux with a new label on the box. For source code MSFT points back to red hat. The red hat servers melt from too much traffic and red hat restricts downloads to their own customers.

For MSFT to satisfy the GPL they must have control over the infrastructure which delivers the source code. Otherwise they are not in compliance. They could do this by paying red hat to do it for them. They could do it themselves. Maybe google provides this service for Android. I don't know.

For that to work the company earning profits from Android must contribute to hosting the source code. If that don't do that the version of android used on the tablet might not be available when needed.

There is no requirement to contribute. If the version they use is available they need to do nothing. If the version is not then they must find another site to refer to or make it available themselves.

I think there is some confusion because the FSF recommends not referring to another site because they may stop providing your version at some time without your knowledge.

The source you provide or link to must be the same source used to produce the binaries you're shipping on your device. In other words, if I take Google's source and build binaries with it, and those binaries differ from the ones shipping on your device, it's not the same source code, and does not comply with the license.

Pointing to a source for Android, is not the same thing as providing the source for the modifications to that source that you (as a vendor) have done to the source.

They have to include an offer on how exactly the user can get the source code, and they are liable for fulfilling it - they can rely on a third party such as Open Handset Alliance, but they must include an offer stating that OHA will do it, and are liable if OHA doesn't do it for some reason (say, not having the exact version that matches the code on the shipped device)

No it isn't - read the GPL (section 3). If they did not receive the source, but just received an offer in writing to provide the source on request, then they may provide that offer instead of the source to other people. Alternatively, they must provide an offer in writing (good for three years) to provide the source, or must provide the source along with the binaries, on a medium commonly used for software interchange (for example, print-outs of the source would not satisfy this condition). Pointing at th

3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of
Sections 1 and 2 above on a medium customarily used for software
interchange; or,
b) Accompany it with a written offer, valid for at least three years,to give any third party, for a charge no more than your cost of
physically performing source distribution, a complete machine-
readable copy of the corresponding source code, to be distributed
under the terms of Sections 1 and 2 above on a medium customarily
used for software interchange; or,
c) Accompany it with the information you received as to the offer to
distribute corresponding source code. (This alternative isallowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;

the last page of the manual contains the sacred phrase: "This device uses software and libraries licensed under GNU GPL, GNU LGPL and Apache licenses. Ac

Yes, you did miss something: "any third party". You stated "...we are not under obligation to give our sources to random hackers...". I'm not a lawyer, and I wonder whether "any third party" means something more restrictive in this context, but a plain English reading implies that anyone at all can request a copy of the source, and you would be obliged to comply.

I think it means that if someone else buys your machine second hand from one of your customers, then they have a right to the source. I guess you can always ask for the serial number of the machine before shipping the source, and having that would help you send the right version of the code anyway.

the distributor must either include their sources or make a clear offer to their customers to provide them on demand. They needn't provide them to the general public.

If they ship the source with the binary, then they do not have to provide the source to anyone else. If they don't ship the source with the binary, then they must make the source available to anyone who has a copy of the binary, not just their direct customers (or really anyone under certain circumstances). The GPLv2 was clearer in that regard: For commercial distribution, either ship with source or make available to "any third party". (The first party is who offers the license, the second party accepts it,

If GPL item A is inferior to my needs than non technicality item B, why should I be buying A to enforce a co-alliance's problem, is it not their issue for letting these B items exist without ramifications?

I for one am not going to bother checking a "naughty and nice" list for every single fkin purchase, force them if you want your licence to be inforced, otherwise leave me, the consumer out of it

Assuming that you personally don't care about the ability to see and modify the source to the whole operating system on your phone, perhaps it would be nice to avoid this scenario:1) You buy GPL-violating tablet from no-name company.2) Company gets sued or threatened.3) Company disappears and your device no longer has any support.

Step 3 alone deserves this AC be modded up!First-world markets are already cutthroat enough as it is, and you cannot find any device past 18 months still sitting on shelves brand new unless it is super, extremely popular. If you compare the success and support of your quickcams or blackberries, which are slightly different and each have their own idiosyncracies (remember the one that never got Win2K support when random other ones did.)

Now, if we throw in an unstable mix of producers who get threatened to re

2) Company goes under because they didn't make the incredible sums of money they told their venture capitalists they would make. (This is *very* common with portable device manufacturers.) Or becasue their batteries melt. Or because their manager embezzled the money. Or because they get bought up by another company that could not care less about their purchased company's previous owners.

You sound awfully bent out of shape, given that what you are responding to is some random internet writer's semi-rhetorical request...

Obviously, only people with a strong personal interest in GPL matters are going to factor that in to their buying decision(along with a halo of people who don't actually care whether a specific distributor is compliant or not; but are basing their buying decision on whether or not a good 3rd-party build is available, since the 1st party builds on a lot of these no-names ar

Red Hat doesn't have the resources, nor even the incentive to pursue GPL violation lawsuits for Android - Google is the custodian here. Now you may argue it is Google's job to do this but they, for whatever reason, ain't.

If you buy a device, without the protection of the GPL, don't expect support or updates from your cheap Chinese knock-off. i.e. Your Android version may be stuck at 2.3 for the life of the device. Which if you are content to be stuck in 2010 for the next 3 years, or however you long you env

You seem to be under the impression that the GPL is designed to protect the original developer. It's not, it's designed to protect you, the end-user.

You might not care, but lots of people don't care about the warranty, doesn't mean they should never offer it.

If you want an example of how it could benefit you, imagine you get a tablet with a modified version of Android Froyo. Then you want to upgrade to Gingerbread but alas, the company doesn't offer it.Now, if the GPL had been followed, any developer could

not to be a douche on this, but what is my incentive? If GPL item A is inferior to my needs than non technicality item B...

Your incentive is that the maker of item B might screw you and others over with the existing device or future devices e.g DRM, locking away your data in proprietary formats, selling your info to advertisers, trying to stop third-party firmware, etc. You have to wonder if their attitude to the GPL is just part of a general pattern of exploitation and corporate arrogance.

You're less likely to get _any_ improvements. User and developer feedback, flavored with the information in the publicly available source code, have been tremendours sources of Linux and GPL software features and fixes. And one thing that I do as a developer is to publish my patches to the vendors, so that they can integrate them in their next release. (This happens several times a year for me: it's very gratifying, it saves me considerable time in setting up workarounds, and it looks very good on my annual

Even though I have not contributed one line of code, I'm still affected by it as a software developer. I earn my living by writing software for my company. I do not use GPL because I know it's illegal not to publish the code, and my company cannot afford to publish our code, due to competition.

This means that my company invests time and money (which directly affects my livelihood due to competition) into software development, while other, larger companies just take GPL'ed code and use it without fear (and without any intention to release their code). So they have an unfair advantage over my company. It's unfair, because what they do is illegal. Not "mildly" illegal, like taking candy from a baby (= taking code from whining hippy spare-time developers), but very illegal, like stealing code from a competitor. Basically this business practice harms competition, and indirectly it also harms the consumer - big companies destroy their competiton by illegal means, and the consumer is left with less choice.

GPL has a purpose - to make the code, changes and derivatives available to everybody. Using it in other ways gives big companies unfair advantage, which is in many places an illegal practice (like bribing politicians or abusing public resources with impunity). Yes, it's the way of the world, but many people are angry about corrupt politicians even if they are not directly affected.